COTA: Investigation finds no evidence of data accessed during December cybersecurity breach
Officials with the Central Ohio Transit Authority report an outside investigation found no evidence that riders' personal data was accessed during a cybersecurity breach last December.
COTA announced the breach Dec. 14, having learned two days earlier that an "outside organization" had accessed its IT network.
The incident led the transit authority to temporarily take its network systems offline as a precaution.
A COTA spokesman said in a statement that security firm Surefire Cyber analyzed data and logs from nearly 590 systems.
The company determined that while an unauthorized third party did access a COTA IT server, they found no indication that any personal employee or customer information was accessed. Additionally, zero evidence was found of any active cybersecurity threat.
While no data was accessed, COTA says it will offer employees three-bureau credit monitoring for one year at no charge. "This benefit provides added assurance that COTA is committed to protecting employees," the statement read.
COTA continued operating all transit services during the IT network outage. All customer-facing systems are back online, including real-time transit vehicle tracking and onboard Wi-Fi.